500-290 Exam Questions

Which option transmits policy-based alerts such as SNMP and syslog?

Which option is used to implement suppression in the Rule Management user interface?

FireSIGHT recommendations appear in which layer of the Policy Layers page?

In addition to the discovery of new hosts, FireSIGHT can also perform which function?

A user discovery agent can be installed on which platform?

Other than navigating to the Network File Trajectory page for a file, which option is an alternative way of accessing the network trajectory of a file?

Which option can you enter in the Search text box to look for the trajectory of a particular file?

A context box opens when you click on an event icon in the Network File Trajectory map for a file. Which option is an element of the box?

Which Cisco IPS signature parameter can be tuned to reduce the volume of the alerts that are written to the event store?

Which two operations would put an inline Cisco IPS sensor in detection mode? (Choose two.)

Which two are valid examples of String engines? (Choose two.)

Which two are the functions of the learning feature of anomaly detection within a Cisco IPS appliance? (Choose two.)

Regarding the Cisco IPS appliance anomaly detection feature, which two of these would be considered scan events? (Choose two.)

According to Gartner, which criteria distinguish a next-generation IPS?

Which feature in the Cisco AMP solution provides the ability to track malware activity over time?

Which Cisco AMP deployment would you recommend for advanced customers that want comprehensive threat protection, investigation, and response?

The gateway VPN feature supports which deployment types?

Which statement is true concerning static NAT?

Which statement is true when network traffic meets the criteria specified in a correlation rule?

Which list identifies the possible types of alerts that the Sourcefire System can generate as notification of events or policy violations?

Which option is a remediation module that comes with the Sourcefire System?

Which statement represents detection capabilities of the HTTP preprocessor?

Which feature of the preprocessor configuration pages lets you quickly jump to a list of the rules associated with the preprocessor that you are configuring?

Suppose an administrator is configuring an IPS policy and attempts to enable intrusion rules that require the operation of the TCP stream preprocessor, but the TCP stream preproces...

Controlling simultaneous connections is a feature of which type of preprocessor?

A one-to-many type of scan, in which an attacker uses a single host to scan a single port on multiple target hosts, indicates which port scan type?

What does packet latency thresholding measure?

What are the two categories of variables that you can configure in Object Management?

Which option is true regarding the $HOME_NET variable?

Which option is one of the three methods of updating the IP addresses in Sourcefire Security Intelligence?

Which statement is true in regard to the Sourcefire Security Intelligence lists?

Which statement is true when adding a network to an access control rule?

Which option is true when configuring an access control rule?

How do you configure URL filtering?

Which statement describes the meaning of a red health status icon?

Context Explorer can be accessed by a subset of user roles. Which predefined user role is not valid for FireSIGHT event access?

Context Explorer can be accessed by a subset of user roles. Which predefined user role is valid for FireSIGHT event access?

When configuring an LDAP authentication object, which server type is available?

Cisco FireSIGHT can provide visibility into which three types of information that competing products cannot? (Choose three.)

When adding source and destination ports in the Ports tab of the access control policy rule editor, which restriction is in place?

Access control policy rules can be configured to block based on the conditions that you specify in each rule. Which behavior block response do you use if you want to deny and reset...

Which event source can have a default workflow configured?

Where do you configure widget properties?

The collection of health modules and their settings is known as which option?

Host criticality is an example of which option?

FireSIGHT uses three primary types of detection to understand the environment in which it is deployed. Which option is one of the detection types?

When configuring FireSIGHT detection, an administrator would create a network discovery policy and set the action to "discover". Which option is a possible type of discovery?

Which option is derived from the discovery component of FireSIGHT technology?

The IP address::/0 is equivalent to which IPv4 address and netmask?

One of the goals of geolocation is to identify which option?